moving okta-sso for new id #1911

Merged
merged 3 commits into from
Jan 3, 2025
Merged
Expand Up @@ -2,12 +2,16 @@

import java.util.ArrayList;

import org.bson.conversions.Bson;

import com.akto.action.UserAction;
import com.akto.dao.ConfigsDao;
import com.akto.dao.UsersDao;
import com.akto.dao.context.Context;
import com.akto.dto.Config;
import com.akto.dto.User;
import com.akto.dto.Config.OktaConfig;
import com.akto.util.Constants;
import com.akto.util.DashboardMode;
import com.akto.utils.sso.SsoUtils;
import com.mongodb.BasicDBObject;
Expand All @@ -29,7 +33,9 @@ public String addOktaSso() {
return ERROR.toUpperCase();
}

Config.OktaConfig oktaConfig = new Config.OktaConfig();
int accountId = Context.accountId.get();

Config.OktaConfig oktaConfig = new Config.OktaConfig(accountId);
oktaConfig.setClientId(clientId);
oktaConfig.setClientSecret(clientSecret);
oktaConfig.setAuthorisationServerId(authorisationServerId);
Expand All @@ -47,17 +53,9 @@ public String addOktaSso() {
}

public String deleteOktaSso() {
DeleteResult result;
if(DashboardMode.isOnPremDeployment()) {
result = ConfigsDao.instance.deleteAll(Filters.eq("_id", "OKTA-ankush"));
} else {
result = ConfigsDao.instance.deleteAll(
Filters.and(
Filters.eq("_id", "OKTA-ankush"),
Filters.eq(Config.OktaConfig.ACCOUNT_ID, Context.accountId.get())
)
);
}
int accountId = Context.accountId.get();
Bson idFilter = Filters.eq(Constants.ID, OktaConfig.getOktaId(accountId));
DeleteResult result = ConfigsDao.instance.deleteAll(idFilter);

if (result.getDeletedCount() > 0) {
for (Object obj : UsersDao.instance.getAllUsersInfoForTheAccount(Context.accountId.get())) {
Expand All @@ -72,13 +70,9 @@ public String deleteOktaSso() {

@Override
public String execute() throws Exception {
Config.OktaConfig oktaConfig;
if(DashboardMode.isOnPremDeployment()) {
oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne("_id", "OKTA-ankush");
} else {
String email = getSUser().getLogin();
oktaConfig = Config.getOktaConfig(email);
}
int accountId = Context.accountId.get();
Config.OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(accountId));

if (SsoUtils.isAnySsoActive() && oktaConfig == null) {
addActionError("A different SSO Integration already exists.");
return ERROR.toUpperCase();
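Review bot: In `deleteOktaSso()` the new filter matches on `Constants.ID` alone, so the explicit `Config.OktaConfig.ACCOUNT_ID` condition that the old non-on-prem branch carried is gone and tenant scoping of the delete now rests entirely on the id string built by `OktaConfig.getOktaId(accountId)`. `SsoUtils.isAnySsoActive()` and `Config.getOktaConfig(int)` elsewhere in this pull request still pair the id with the account filter, so the lookups no longer agree. Either keep `Filters.and(idFilter, Filters.eq(Config.OktaConfig.ACCOUNT_ID, accountId))` where that field is known to be populated, or add a comment such as `// _id embeds the account id; it is the only tenant key for this delete`. The loop below the delete still calls `Context.accountId.get()` again instead of reusing `accountId`. Both `deleteOktaSso()` and `execute()` continue outside the visible hunks.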
Expand Up @@ -33,6 +33,7 @@
import com.akto.dto.ApiCollectionUsers.CollectionType;
import com.akto.dto.Config.AzureConfig;
import com.akto.dto.Config.ConfigType;
import com.akto.dto.Config.OktaConfig;
import com.akto.dto.RBAC.Role;
import com.akto.dto.User.AktoUIMode;
import com.akto.dto.data_types.Conditions;
Expand Down Expand Up @@ -136,6 +137,7 @@
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSASigner.stdDSA;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;
import org.checkerframework.checker.units.qual.C;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -2922,6 +2924,27 @@ private static void deleteOptionsAPIs(BackwardCompatibility backwardCompatibilit
}
}

private static void moveOktaOidcSSO(BackwardCompatibility backwardCompatibility){
if(backwardCompatibility.getMoveOktaOidcSSO() == 0){
String saltId = ConfigType.OKTA.name() + Config.CONFIG_SALT;
Config.OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(
Filters.eq(Constants.ID, saltId)
);
if(oktaConfig != null){
int accountId = Context.accountId.get();
oktaConfig.setId(OktaConfig.getOktaId(accountId));
ConfigsDao.instance.insertOne(oktaConfig);
ConfigsDao.instance.deleteAll(
Filters.eq(Constants.ID, saltId)
);
}
BackwardCompatibilityDao.instance.updateOne(
Filters.eq("_id", backwardCompatibility.getId()),
Updates.set(BackwardCompatibility.MOVE_OKTA_OIDC_SSO, Context.now())
);
}
}

public static void setBackwardCompatibilities(BackwardCompatibility backwardCompatibility){
if (DashboardMode.isMetered()) {
initializeOrganizationAccountBelongsTo(backwardCompatibility);
Expand Down Expand Up @@ -2953,6 +2976,7 @@ public static void setBackwardCompatibilities(BackwardCompatibility backwardComp
dropSpecialCharacterApiCollections(backwardCompatibility);
addDefaultAdvancedFilters(backwardCompatibility);
moveAzureSamlConfig(backwardCompatibility);
moveOktaOidcSSO(backwardCompatibility);
}

public static void printMultipleHosts(int apiCollectionId) {
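Review bot: `moveOktaOidcSSO` re-keys the legacy Okta document to whatever `Context.accountId.get()` returns at that moment without checking that the document belongs to that account, and the stored client secret moves with it. If the configs collection is shared between accounts, which the `OktaConfig.ACCOUNT_ID` filters elsewhere in this pull request suggest, the first account whose backward-compatibility pass runs would take over the SSO configuration; compare the document's stored account id with `accountId` before `setId` and skip the move otherwise. The `insertOne` followed by `deleteAll` is also not restartable: if the process stops between the two calls the flag stays 0 and the next run would presumably fail on a duplicate `_id` at `insertOne`, so check for an existing document under the new id first or write it as an upsert. Separately, `import org.checkerframework.checker.units.qual.C;` in the import hunk looks like an accidental IDE auto-import and should be dropped.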
3 changes: 2 additions & 1 deletion apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java
Expand Up @@ -8,6 +8,7 @@
import com.akto.dao.context.Context;
import com.akto.dto.Config;
import com.akto.dto.Config.OktaConfig;
import com.akto.util.Constants;
import com.akto.utils.sso.SsoUtils;

public class OktaLogin {
Expand All @@ -23,7 +24,7 @@ public static OktaLogin getInstance() {
}

if (shouldProbeAgain) {
OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne("_id", "OKTA-ankush");
OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(Context.accountId.get()));
if (instance == null) {
instance = new OktaLogin();
}
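Review bot: `getInstance()` now loads the Okta config for the account in `Context.accountId`, but the result is still held in the single static `instance`, so in a deployment with more than one account the cached login settings would belong to whichever account triggered the last probe. The method starts and ends outside this hunk, so the caching may already be handled there; if it is not, key the cached object by account id (for example a map from account id to `OktaLogin`) or build it per request. It is also worth confirming that `Context.accountId` is set on the pre-authentication paths that call `getInstance()`, since an unset value would either fail or resolve to the wrong id.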
7 changes: 4 additions & 3 deletions apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java
Expand Up @@ -35,18 +35,19 @@ public static boolean isAnySsoActive(int accountId){
}

public static boolean isAnySsoActive(){
int accountId = Context.accountId.get();
String oktaIdString = OktaConfig.getOktaId(accountId);
if(DashboardMode.isMetered() && !DashboardMode.isOnPremDeployment()){
int accountId = Context.accountId.get();
if(!isAnySsoActive(accountId)){
return ConfigsDao.instance.count(Filters.and(
Filters.eq(Constants.ID, "OKTA-ankush"),
Filters.eq(Constants.ID, oktaIdString),
Filters.eq(OktaConfig.ACCOUNT_ID, accountId)
)) > 0;
}else{
return true;
}
}else{
List<String> ssoList = Arrays.asList("OKTA-ankush", "GITHUB-ankush", "AZURE-ankush");
List<String> ssoList = Arrays.asList(oktaIdString, "GITHUB-ankush", "AZURE-ankush");
Bson filter = Filters.in("_id", ssoList);
return ConfigsDao.instance.count(filter) > 0;
}
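Review bot: In the `else` branch of `isAnySsoActive()` the list now holds only the per-account Okta id, so an existing `OKTA-ankush` document is no longer counted until `moveOktaOidcSSO` has re-keyed it. During that window the method reports no active SSO for an installation that has Okta configured, and the guard in `execute()` that blocks a second integration would not fire. Keeping the legacy id in the list for a transition period, `Arrays.asList(oktaIdString, "OKTA-ankush", "GITHUB-ankush", "AZURE-ankush")`, avoids that. A one-line comment above `oktaIdString` noting that the GitHub and Azure ids remain global while the Okta id is per account would also help the next reader.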
14 changes: 13 additions & 1 deletion libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java
Expand Up @@ -100,6 +100,9 @@ public class BackwardCompatibility {
public static final String DELETE_OPTIONS_API = "deleteOptionsAPIs";
private int deleteOptionsAPIs;

public static final String MOVE_OKTA_OIDC_SSO = "moveOktaOidcSSO";
private int moveOktaOidcSSO;

public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTypeInfoCount, int dropWorkflowTestResult,
int readyForNewTestingFramework,int addAktoDataTypes, boolean deploymentStatusUpdated,
int authMechanismData, boolean mirroringLambdaTriggered, int deleteAccessListFromApiToken,
Expand All @@ -109,7 +112,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy
int loginSignupGroups, int vulnerableApiUpdationVersionV1, int riskScoreGroups,
int deactivateCollections, int disableAwsSecretPii, int apiCollectionAutomatedField,
int automatedApiGroups, int addAdminRoleIfAbsent, int dropSpecialCharacterApiCollections, int fixApiAccessType,
int addDefaultFilters, int moveAzureSamlToNormalSaml, int deleteOptionsAPIs) {
int addDefaultFilters, int moveAzureSamlToNormalSaml, int deleteOptionsAPIs, int moveOktaOidcSSO) {
this.id = id;
this.dropFilterSampleData = dropFilterSampleData;
this.resetSingleTypeInfoCount = resetSingleTypeInfoCount;
Expand Down Expand Up @@ -141,6 +144,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy
this.fixApiAccessType = fixApiAccessType;
this.moveAzureSamlToNormalSaml = moveAzureSamlToNormalSaml;
this.deleteOptionsAPIs = deleteOptionsAPIs;
this.moveOktaOidcSSO = moveOktaOidcSSO;
}

public BackwardCompatibility() {
Expand Down Expand Up @@ -425,4 +429,12 @@ public int getDeleteOptionsAPIs() {
public void setDeleteOptionsAPIs(int deleteOptionsAPIs) {
this.deleteOptionsAPIs = deleteOptionsAPIs;
}

public int getMoveOktaOidcSSO() {
return moveOktaOidcSSO;
}

public void setMoveOktaOidcSSO(int moveOktaOidcSSO) {
this.moveOktaOidcSSO = moveOktaOidcSSO;
}
}
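Review bot: The new `moveOktaOidcSSO` field has no comment saying what its value means. From the migration code in this pull request it is 0 until the legacy Okta config has been re-keyed and is then set to `Context.now()`, so a comment such as `// 0 = not yet migrated; otherwise the Context.now() value recorded when the legacy Okta config was moved` would save a lookup. The constructor takes this as one more positional `int` after many others, so existing call sites should be checked for argument order.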
15 changes: 12 additions & 3 deletions libs/dao/src/main/java/com/akto/dto/Config.java
Expand Up @@ -365,9 +365,17 @@ public static class OktaConfig extends Config {

public static final String CONFIG_ID = ConfigType.OKTA.name() + CONFIG_SALT;

public OktaConfig() {
public OktaConfig(){
this.configType = ConfigType.OKTA;
this.id = CONFIG_ID;
}

public static String getOktaId(int accountId){
return CONFIG_ID + "_" + accountId;
}

public OktaConfig(int id) {
this.configType = ConfigType.OKTA;
this.id = CONFIG_ID + "_" + id;
}

public String getClientId() {
Expand Down Expand Up @@ -686,9 +694,10 @@ public static boolean isConfigSSOType(ConfigType configType){
}

public static OktaConfig getOktaConfig(int accountId) {
String id = OktaConfig.getOktaId(accountId);
OktaConfig config = (OktaConfig) ConfigsDao.instance.findOne(
Filters.and(
Filters.eq("_id", "OKTA-ankush"),
Filters.eq("_id", id),
Filters.eq(OktaConfig.ACCOUNT_ID, accountId)
)
);
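Review bot: The id format `CONFIG_ID + "_" + accountId` is now written twice, once in `getOktaId` and once in the new `OktaConfig(int id)` constructor, and this string is what separates one account's Okta settings from another's. Have the constructor call the helper, `this.id = getOktaId(accountId);`, and rename its parameter to `accountId`, since `id` reads as the document id. The no-argument constructor appears to no longer assign `this.id`, so any remaining caller that builds an `OktaConfig` that way and inserts it would store a document without the per-account id; if that constructor is now meant for deserialization only, a Javadoc line saying so would make the intent clear.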